[root@zotac etc]# nslookup
> server
Default server: 10.30.3.5
Address: 10.30.3.5#53
> cnn.com
Server: 10.30.3.5
Address: 10.30.3.5#53
Non-authoritative answer:
Name: cnn.com
Address: 151.101.64.73
Name: cnn.com
Address: 151.101.192.73
Name: cnn.com
Address: 151.101.0.73
Name: cnn.com
Address: 151.101.128.73
[root@zotac etc]# netstat -lnp | grep named
tcp 0 0 10.30.3.5:53 0.0.0.0:* LISTEN 10028/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 10028/named
udp 0 0 10.30.3.5:53 0.0.0.0:* 10028/named
[root@zotac etc]#
c:\>nslookup cnn.com.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 10.30.3.5
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
[root@zotac ~]# tcpdump -vvv -s 0 -l -n port 53 -i enp2s0 | grep cnn.com
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 65535 bytes
10.30.3.253.55238 > 10.30.3.5.domain: [udp sum ok] 2+ A? cnn.com. (25)
10.30.3.253.55239 > 10.30.3.5.domain: [udp sum ok] 3+ AAAA? cnn.com. (25)
[root@zotac etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html
acl "trusted" {
10.30.3.0/24;
};
options {
//listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { trusted; };
allow-transfer { 10.30.3.5;};
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders {
8.8.8.8;
8.8.4.4;
};
forward first;
listen-on port 53 {
10.30.3.5;
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
key rndc-key {
algorithm hmac-md5;
secret "secretpassword";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
zone "kfs.local" IN {
type master;
file "/var/named/kfs.local.hosts";
allow-update { none; };
};
zone "10.30.3.in-addr.arpa" {
type master;
file "/var/named/3.30.10.rev";
};
[root@zotac etc]#
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.